Linux "NULL pointer dereferece" in the News...

Daniel B. Thurman dant at cdkkt.com
Sun Jul 19 19:07:50 UTC 2009


Rahul Sundaram wrote:
> On 07/19/2009 11:09 PM, Tom Horsley wrote:
>   
>>> http://blog.namei.org/2009/07/18/a-brief-note-on-the-2630-kernel-null-pointer-vulnerability/
>>>       
>> Why on earth would I need an option named -fno-delete-null-pointer-checks?
>> If there is a null pointer check in the source code, then it is there for
>> a reason (maybe a bad reason, maybe a good one, but the compiler can't possibly
>> know which kind :-). There has got to be a fundamental compiler bug here,
>> and it is absurd to go adding compiler options that say "Oh, by the way,
>> please don't run into this particular bug."
>>
>> What next? Will I need to compile with the options
>>
>> --do-not-alter-meaning-of-line-1 --do-not-alter-meaning-of-line-2 ... ?
>>     
>
> It is not so simple. This is not a compiler bug. I suggest you read
> through http://lwn.net/Articles/341773/rss to understand why.
>
> Rahul
>   
Apparently, according to Brad Spengler, there are several
things he claims that are involved, Gcc, SELinux (which
causes PA exploits?), kernel issues (with structures?) and
he seemed to imply the ignorance of those "in charge" to
resolve these "exploits" and yet provides other issues which
he claims are still unresolved?

Is there anything to worry about as far as Fedora's
F1 --> F11 security being affected, if at all?




More information about the fedora-list mailing list